Comments on: A Simple File Upload Script using PHP

By: Ikki

Ikki — Sat, 05 Jul 2008 16:45:23 +0000

@Karen: Strange. I didn’t find any further errors on your script. Try adding this line to your upload.php:

error_reporting(E_ALL);

This function will tell PHP to display any errors it might encounter while executing this script. Please copy the error message and post it here

By: Karen

Karen — Sat, 05 Jul 2008 15:39:05 +0000

Corrected the line, and….. it still gives me a blank page. This one is weird!

By: Ikki

Ikki — Fri, 04 Jul 2008 15:25:49 +0000

@Karen: I think I found your problem. See this line in your script:

$blacklist = array(“.php”, “.phtml”, “.php3?, “.php4?, “.php5?, “.exe”, “.js”,“.html”, “.htm”, “.inc”);

You’re missing some closing double-quotes in your blacklist array. It should be like this:

$blacklist = array(“.php”, “.phtml”, “.php3?”, “.php4?”, “.php5?”, “.exe”, “.js”,“.html”, “.htm”, “.inc”);

It should work now. You were getting a blank page because of a PHP error. You should enable PHP to display errors in your scripts in order to let you know when something goes wrong (but use it only on testing enviroments, never on production enviroments!).

Let me know if it worked, ok?

By: Karen

Karen — Fri, 04 Jul 2008 14:47:46 +0000

Upload.php and form.html and the ‘uploads’ folder are all in orielchambers folder on public.html.

By: Karen

Karen — Fri, 04 Jul 2008 14:44:39 +0000

No sorry it doesnt work.
Here’s my script:-

// Upload directory: remember to give it write permission!
$uploaddir = “upload/”;
// what file types do you want to disallow?
$blacklist = array(“.php”, “.phtml”, “.php3?, “.php4?, “.php5?, “.exe”, “.js”,“.html”, “.htm”, “.inc”);
// allowed filetypes
$allowed_filetypes = array(‘.jpg’,‘.gif’,‘.bmp’,‘.png’);

if (!is_dir($uploaddir)) {
   die (“Upload directory does not exists.”);
}
if (!is_writable($uploaddir)) {
   die (“Upload directory is not writable.”);
}

if ($_POST['submit']) {

   if (isset($_FILES['file'])) {
   if ($_FILES['file']['error'] != 0) {
   switch ($_FILES['file']['error']) {
   case 1:
   print ‘The file is too big.’; // php installation max file size error
   exit;
   break;
   case 2:
   print ‘The file is too big.’; // form max file size error - DEPRECATED
   exit;
   break;
   case 3:
   print ‘Only part of the file was uploaded’.;
   exit;
   break;
   case 4:
   print ‘No file was uploaded.’;
   exit;
   break;
   case 6:
   print “Missing a temporary folder.”;
   exit;
   break;
   case 7:
   print “Failed to write file to disk”;
   exit;
   break;
   case 8:
   print “File upload stopped by extension”;
   exit;
   break;
   }
   } else {
   foreach ($blacklist as $item) {
   if (preg_match(“/$item\$/i”, $_FILES['file']['name'])) {
   echo “Invalid filetype !”;
   unset($_FILES['file']['tmp_name']);
   exit;
   }
   }
   // Get the extension from the filename.
   $ext = substr($_FILES['file']['name'], strpos($_FILES['file']['name'],‘.’), strlen($_FILES['file']['name'])-1);
// Check if the filetype is allowed, if not DIE and inform the user.
if(!in_array($ext,$allowed_filetypes)){
die(‘The file you attempted to upload is not allowed.’);
}
if (!file_exists($uploaddir . $_FILES["file"]["name"])) {
// Proceed with file upload
if (is_uploaded_file($_FILES['file']['tmp_name'])) {
//File was uploaded to the temp dir, continue upload process
if (move_uploaded_file($_FILES['file']['tmp_name'], $uploaddir . $_FILES['file']['name'])) {
// uploaded file was moved and renamed succesfuly. Display a message.
echo “Upload successful!”;
} else {
echo “Error while uploading the file, Please contact the webmaster.”;
unset($_FILES['file']['tmp_name']);
}
} else {
//File was NOT uploaded to the temp dir
switch ($_FILES['file']['error']) {
case 1:
print ‘The file is too big.’; // php installation max file size error
break;
case 2:
print ‘The file is too big.’; // form max file size error
break;
case 3:
print ‘Only part of the file was uploaded’;
break;
case 4:
print ‘No file was uploaded’;
break;
case 6:
print “Missing a temporary folder.”;
break;
case 7:
print “Failed to write file to disk”;
break;
case 8:
print “File upload stopped by extension”;
break;
}
}
} else { // There’s a file with the same name
echo “Filename already exists, Please rename the file and retry.”;
unset($_FILES['file']['tmp_name']);
}
   }
   } else { // user did not select a file to upload
   echo “Please select a file to upload.”;
   }
} else { // upload button was not pressed
   header(“Location: form.html”);
}
?>

By: Ikki

Ikki — Fri, 04 Jul 2008 14:13:04 +0000

@Karen: I think you’re setting the wrong path. Try this: put both scripts (the form and the uploaded script) in the folder “orielchambers” and set your $uploaddir variable to “upload/”.

If it doesn’t work please let me know. I may give you a hand with your script if you allow me to do so.

By: Karen

Karen — Fri, 04 Jul 2008 14:00:12 +0000

Gave ‘upload’ folder writing permissions 0774. Changed the path to ‘public_html/orielchambers/upload’ (the path on my server). The browser sends my page to upload.php with blank page still.

By: Ikki

Ikki — Thu, 03 Jul 2008 15:03:28 +0000

@Karen: You need to create a “upload” folder on your server and give it writing permissions before using this script. Remember to change the path to its location in line 3!

Give it a try and let me know if it worked, ok?

By: Karen

Karen — Thu, 03 Jul 2008 14:29:43 +0000

Do just need to upload the uploads folder, form.php and upload.php on to my site? Because in my browser when i click submit it has just a blank page… What did i do wrong?

By: Ikki

Ikki — Mon, 19 May 2008 15:35:40 +0000

@jose: De nada